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1. 



(original) A method for broadcast encryption, comprising: 



assigning each user in a group of users respective private information 



selecting at least one session encryption key K; 

partitioning users not in a revoked set R into disjoint subsecs Si„...S|j„ having associated 
subset keys Lj,,.,.Lin,; and 

encrypting the session key K with the subset keys L^, Lmi to render m encrypted versions 

of the session key K, 

2. (original) The method of Claim 1, further coirprismg partitioning the users into groups 
Si S^, wherein "w" is an integer, and the groups establish subtrees in a tree. 

3. (original) The method of Claim 2, wherein the tree is a complete binary tree. 

4. (original) The method of Claim 1 , further comprising using private information to decrypt 
the session key. 

5. (original) The method of Claim 4, wherein the act of decrypting includes using mformation 
ij such that a user belongs to a subset Sy, and retrieving a subset key Ly using the private information of the 



U5!er. 
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6. (original) The method of Claim 2. wherein each subset S,^,...S.^ includes all leaves in a 
subtree rooted at some node v„ at least each node in the subtree being associated with a respective subset key. 

7. (original) The method of Claim 6. wherein content is provided to users in at least one message 
defining a header, and the header includes at most r*log(N/r) subset keys and encryptions, wherein r is the 
number of users in the revoked set R and N is the totol number of users. 

8. (original) The method of Claim 6, wherein each user must store log N keys, wherein N is 
the total number of users. 

9. (original) The method of Claun 6, wherein content is provided to users in at least one 
message, and wherein each user processes the message using at most log log N operations plus a single 
decryption operation, wherein N is the total number of users. 

10. (original) The method of Claim 6. wherein (he revoked set R defmes a spanning tree, and 
subtrees having roots attached to nodes of the spanning tree define the subsets. 

11. (original) The method of Cl^m 2, wherein the tree inctades a root and plural nodes, e«* 
node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at 

node V, that are not in the subtree rooted at some other node Vj that descends from Vj. 
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12. (original) The method of Claim 11, wherein content is provided to users in at least one 
message defining a header, and the header includes at most 2r-l subset keys and encryptions, wherein r is 
the number of users in die revoked set 

13. (original) The method of Claim 11, wherein each user must store .51og^ N -h .51og N -hi 
keys, wherein N is the total number of users. 

14. (original) The method of Claim 11. wherein content is provided to users in at least one 
message, and wherein each user processes die message using at most log N operations plus a single 
decryption operation, wherein N is die total number of users. 

15. (original) The method of Claim 11, wherein the revoked set R defines a spanning tree, and 

wherein the method includes: 

initializing a cover tree T as die spanning u:ce; 

iteratively removing nodes from die cover tree T and adding nodes to a cover until die cover 
tree T has at most one node. 

16. (original) The method of Claim 1 1 , wherein each node has at lea^t one label possibly induced 
by at least one of its ancestors, and wherein each user is assigned labels from all nodes hanging from a direct 
path between the user and die root but not from nodes in the direct path. 
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17. (original) The method of Claim 16, wherein labels are assigned to subsets using a 
pseudorandom sequence generator, and the act of decrypting includes evaluating the pseudorandom sequence 
generator. 

18. (original) The method of Claim 1 , wherein content is provided to users in at least one message 
having a header includmg a cryptographic function E^, and the method includes prefix-truncating the 
cryptographic function B^,- 

19. (original) The method of Claim 2, wherein the tree includes a root and plural nodes, each 
node having an associated key, and wherein each user is assigned keys from all nodes m a direct path between 
a leaf representing the u^er and the root. 

20. (original) The method of Claim 1 , wherein content is provided to users in at least one message 
defining plural portions, and each portion is encrypted with a respective session key. 

21 . (original) A computer program device » comprising: 

a computer program storage device including a program of mstructions usable by a computer, 

comprising: 

logic means for accessing a tree to identify plural subset keys; 
logic means for encrypting a message with a session key; 



10(53-1 21. AM r> 
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logic means for encrypting the session key at least once with each of the subset keys to render 
encrypted versions of the session key ; and 

logic means for sending the encrypted versions of the session key in a header of the message 

to plural stateless receivers. 



22. (original) The computer program device of Claim 21 , further comprising: 

logic means for partitioning receivers not in a revoked set R into disjoint subsets S,„...S 
having associated subset keys Li,,,...Lj,„. 



iui 



23. (origmal) The computer program device of Claim 22, further comprising logic means for 
partitioning the users ituo groups S. S.. wherein "w" is an integer, and the groups establish subtrees in 

a tree* 



24. (origmal) The computer program 



device ot Claim 21, fiirther comprising logic means for 



using private information I, to decrypt the session key. 

25. (original) The computer program device of Claim 24, wherein the means for decrypting 
includes logic means for using information i, such that a receiver belongs to a subset S,, and retrieving a key 
L from the private information of the receiver. 
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in . suwrec tooted at some node v, at least 
all leaves m a suoirc* 

respective subset Icey. 

1, T is the number or receive 
and encryptions, v^herem r is tn 



receivers. ^l^erein each receiver nmst ^tore log 

^ Coriginal) The computer program dev^ce of Cla.m 

H.eys.whereinN.the tot. number of receivers. 

. of Claim 26, wherein logic means provide contem 

. rx^m 23 wherein the tree includes a root and 

plural node., each node having at least o 
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the subtree rooted at some other node Vj that descends from 



32 (original) The con.patet program device of Claim 31. wherein logic means provide content 
encryptions, wherein r i* the number of receivers in the revoked set R. 



33. (original) The computer program device 
N + .51og N + 1 keys, wherein N is the total number of receivers. 



of Claim 3 1 . wherein each receiver must store 51og* 



34. 



(original) The computer program device of Claim 31. wherein logic means provide content 
to receivers in at least one message, and wherein each receiver processes the message using at most log N 
operations plus a single decryption operation, wherein N is the total number of receivers. 

35. (original) 1^. computer program device of Claim 31. wherein the revoked set R defmes a 
spanning tree, and wherein (original) The computer program device includes: 

logic means for initializing a cover tree T as the spanning tree; and 
logic means for iteratively removing nodes from the cover t«e T and adding nodes to a cover 
until the cover tree T has at most one node. 
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36. (original) The computer program device of Claim 35. wherein logic means assign labels to 
receivers using a pseudorandom sequence generator, and the labels induce subset keys. 

37. (original) The computer program device of Claim 36. wherein the means for decrypting 
includes evaluating the pseudorandom sequence generaior. 

38. (original) The computer program device of Claim 21. wherein logic means provide content 
to receivers in at least one message having a header including a cryptographic fimction E,. and (original) Hie 
computer program device includes logic means for prefix-truncating the cryptographic fimction E,, 

39. (original) The computer program device of Claim 73. wherein the tree includes a root and 
plural nodes, each node having an associated key. and wherein logic means assign each receiver Iteys from 



all 



nodes in a direct path between a leaf representing the receiver and the root. 



40. (original) The computer program device of Claim 21. wherein logic means provide content 
U> receivers in at least one message defining plural portions, and each portion U encrypted with a respective 

session key. 

41. (currently amended) A computer programmed with instructions to cause the computer to 

execute method acts including: 

encrypting broadcast content; and 
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sending the broadcast content to plural stateless ge»d receiveis and to at least one revoked 
receiver such that each stateless geed receiver can decrypt the content and the revoked receiver 
cannot decrypt the content. 

42. (original) The computer of Claim 41 . wherein the mediod acts further comprise: 
assigning each receiver in a group of receivers respective private information I„; 
selecting at least one session encryption key K; 

partitioning all receivers not in a revoked set R into disjoint subsets S,„...S„ having 

associated subset keys L,,,....!-™; ™<* 

encrypting the session key K with the subset keys L. L,™ to render ra encrypted versions 

of the session key K. 

43. (original) The computer of Claim 41. wherein the method acts undertaken by the computer 
foriher comprise partitioning the users into groups S ,S.. wherein "w" is an integer, and the groups 

establish subtrees in a tree, 

44. (original) The computer of Claim 43, wherein the tree is a complete binary tree. 
44. (canceled). 
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45. (original) The computer of Claim 44, wherein the aci of decrypting undertaken by the 
computer includes using information ij such that a receiver belongs to a subset S,. and retrieving a key 
using the private information of the receiver. 

46. (original) The computer of Claim 43, wherein each subset S^, includes all leaves in a 

subtree rooted at some node v,. at least each node in the subtree being associated with a respective subset key. 

47 . (original) The computer of Claim 46. wherein content is provided to receivers in at least one 
message defining a header, and the header includes at most r*log(N/r) subset keys and encryptions, wherein 
r is the number of receivers in the revoked set R and N is the total number of receivers. 

48. (original) The computer of Claim 46, wherein each receiver must store log N keys, wherein 
N is the total number of receivers. 

49. (original) The computer of Claim 46, wherein content is provided to receivers in at least one 
message, and wherein each receiver processes the message using at most log log N operations plus a single 
decryption operation, wherein N is the total number of receivers. 

50. (original) tlie computer of Claim 46. wherein the revoked set R defines a spanning tree, and 
subtrees having roots attached to nodes of the spanning tree define the subsets. 
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51 („ri,inal) Th. co^puKr of Cain. 43. u« Mo*8 a ro« plu... »k1«. ^ 

«^ ...in, one -ci-O ^'"^ ' " 

»<1= V, a. node v, dc^cc^s ten. v,. 

52 (origin.-) -n-c computer of Ciain. 51. wK=«to co.<«» 1. provided .0 receivers in a, leas, one 
,n„,a.e defning a head., and »e header inciude, a. ^ ^ - encrypdons. wherein r is 
the number of receivers in the revoked set R. 

53. (origi^l) The computer of Claim 51 . whecein each receiver must store .51og' N + .51og N 
+ 1 keys, wherein N is the total number of receivers. 



54, (original) The computer 
message, and wherein each receiver processes the message 
decrypUon operation, wherein N is die total number of receivers. 



of Claim 51 . wherein content is provided to receivers in at least one 
using at most log N operations plus a single 



55. (ori8inaI)ThecomputerofClaim5l.wherein.herevo.edsetRdefinesaspau„ingtree.and 

Wherein the mediod acts undertaken by the computer further include: 
initializing a cover tree T as the spanning tree; 

iteratively removing nodes from th. cover tree T and adding nodes to a cover until the cover 
tree T has at most one node. 
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56. (original) The computer of Claim 55. wherein the computer assigns node labels to receivers 
from the tree using a pseudorandom sequence generator. 

57. (original) The computer of Claim 56, wherein the act of decrypting undertaken by the 
computer includes evaluating the pseudorandom sequence generator. 

58. (original) The computer of Cl=dm 41 . wherein content is provided to «ceivers in at least one 
message having a header including a cryptographic function and the .ncthod acts undertaken by .he 
computer include prefix-truncating the cryptogmphic fiinction E^. 

59 (original) The computer of Claim 41 . wherein content is provided to receivers in at least one 

key. 

60 (original) T^. method of Claun 11. wherein each node has plural labels with each ancestor 
of the node inducingarespectivelabel. and Wherein each user is assigned labels ftomaU^ 

a direct path between the user and the root but not from nodes in the direct path. 

61. (original) A method for broadcast encryption, comprising: 

assigning each user in a group of users respective private information I„; 
selecting at least one session encryption key K; 

10£I.12I.AMI> 
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, s,,.. .,S,, wberein "w" is an integer, and the groups establish 
R inco disjoint subsets S^.-^S^, having associated 



partitioning all users into groups 

subtrees In a tree; 

partitioning users not in a revoked set 

subset k^s 

eocyptmg a,e session K with .h. s„l»« k^s L,, U.<0 «ni.r n ^^m-^O '-"M 

>*c.. »..«ein eaO. subse. inC„.. aU le-ves m . s»«ree ™.«d » son» ™a= v, 
.„ « ia fl>. subtte. rooted « some O0«r node V, d»,t descends tom V,. 

62 (oriEinBl) A potentially '» ' '>''"^ 

3, ^ one dau s»tag. device storing pl^l .a«s of ,»des .1.. ate «« i« a direet p«h 
^een t-e «.l.er atid a root o, a tree having a ,ea, rep.es=„ting *e receiver, bot d»>. 1-g off 
U,edi».p.thandO,.a..i«in=«.by™«nodev,..n.n,^to,ort*e,e.frep,e»n.ing..er«.rver, 

U,e labels establisbin. private infonrndo. . of .be receiver usable by .be reviver to decrypt subset 
keys derived from the labels. 



63. (original) The receiver 
except a direct path set that are rooted 
no other subset keys. 



of Claim 62, wherein the receiver computes the subset keys of all sets 
at the node v. by evaluating a pseudorandom function, but can compute 
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of Claim 62, wherein the receiver decrypts a session key using at least 



64. (original) The receiver 
one subset key. the sessioi. key being useful for decrypting content. 

65. (currently amended) A receiver of content, comprising: 
means for storing respective private infornation 1„; 

.ean. for receiving at lea.t one session encrypUoa key K encrypted witU plnrai subset keys, 

the session key encrypting content; and 

tor ob-lmng « ica^ one .obse, key «ing .he priv3» i.^Uon such *e session 



^.h^rPin r is th" ^».^iher of receivers Jn. 



,..nv«l sftt R ap-^ ^ r^" ^^tal nnmher of recetvers. 



66. (original) The receiver of Claim 65, wherein 
groups S, S,, wherein -w" is an integer, and die groups 



the receiver is partitioned into one of a set of 
establish subtrees in a tree defining nodes and 



leaves. 



f r., -^fif. ^«l^errin wbscts S S:,„ derived from the set of groups 

67 (original) The receiver ot Claim 66, wherein suDseis a„ ^„„ 

S, define a cover. 



68. (canceled). 
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of Claim 67. wherein the receiver must store log N keys, wherein N 



70. (currenfly amended) Th u u iu.i r 'n r n f riniir 6 7 A n.rHv.r of c ontent. compris iDgi 
mPHu^; fnr storint> Tftsnectlv * pi-ivarf information I..; 

r., ^.Win. le..t on. session .n crYption V^y K ^^icrypted with plural subset keys. 

fhft /iftasion kev ep ^-rvnting coatetit; an<J 

v^ V V ..n h. decrvoteH nl.v the content , wherein the receiver receives content in at least one 
n««.aee defining a header, and wherein the receiver processes the message using at most log log N 
operations plus a single decryption operation, wherein N is the total number of receivers. 

71. (original) The receiver of Claim 67, wherein a revoked set R defines a spanning tree, and 
subtrees having roots attached lo nodes of the spanning tree define the subsets. 

72. (original) The receiver of Claim 67. wherein the tr.e includes a root and plural nodes, each 
™,de having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at 
some node v-. that are not in the ^btree rooted at some other node v, that descends from v. 



73. (currently amended) Tli c t a r mm o f riai m^A rrrmer of cnntent. comprisinR: 
ni^ans for storing rPRp<.riive prSv^'tw information I..; 
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far receiviiie at least one scss inn etif rvption irftv K fincrvpteri with nliiral subset keys. 

the session kev encrvp tinp content: and 

m,>i>n< fnr nhtaining at least one subspT kev using t hp nrivate information such that the session 
key K can be dgcrvoted to plav the content , wherein the receiver receives content in a message having 
a header including at most 2r-l subset keys and encryptions, wherein r is the number of receivers in 
(he revoked set R. 

74. (currenUy amended) -r^- rnnni„nr nf rw,m Tt\ receiver of content. contpfisinR: 
means for storing restfective t>riva te informadon I,.; 

m^^nc fnr rer^imn ? Bt i^ast nne Rflss i on encryption kev K encrvptgd with plural subset keys. 



the session kev encrypting contenti and 

m^n^g fnr obtaining at len^-t one subse t kev using the private information such that the session 
ve y 1^ can be decrvnted to plav the content , wherein the receiver must store .5log^ N + .Slog N + 1 
keys, wherein N is the total number of receivers. 

75. (currenUy amended) The r^'r'>»"^<^-rf rinim iiA receiver of content, comprising: 
means for storing respective priva te information I.: 

.^n« for receivin g =>t least One session encryption kev K encrypted with plural subset keys. 
the session key encryp tinf content: and 

mp;.nt «nr rthtainine at least one sub sftt kev naini? the private infonnatiott such that the session 
kftv K can be df^rrvpted to plav the content , wheteb content is provided to the receiver in at least one 
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message, a.. w.erein..e:eceiverprc.«.st.e™.s.geu.ng^ 
decryption operation, wherein N is the total number of receiver.. 

riiiim 72 wherein the receiver decrypts the subset key by 
76. (original) The receiver of Claim 11, wnerciu ui 

evaluating a pseudorandom sequence generator. 



77. (currenUy amende(J) A receiver of content, comprising: 
a data storage storing respective private taformation I„; 



A^Ai'B^ m^pivinff at least One session 
a processuig device receiving 



encryption key K encrypted with plural 



subset keys, the session key encrypting content 



, the processing device obtaining at least one subset 



key using the private information such that the session 



key K. can be decrypted to play the content, 
„.i,,^in 1SJ is the ""-"ber of recejvCTS. 



78. (original) The receiver of Claim 



77. wherein the receiver is partitioned into one of a set of 



groups S S^. wherein "w" is an 



integer, and the groups establish subtrees in a tree. 



„. „™e»ceiv«<.fCU.i.«.«b.«insub»,sS S„.«iv«lft«.U»s«o, group. 

S, S« define a cover. 
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<«,iB« -n^ r=»iv« Of cm. 79, whe.,n .he ^ceiver n>ceives co^ in - .east o» 
revoked set R and N is the total number of receivers. 



message 

r is the number of receivers in a 



• f r^.rr» 79 wherein the receiver must store log N keys, wherein N 
81 (original) The receiver of Claim 79, wnerein 

is the total number of receivers. 



82. (canceled). 



revolted set R defines a spanning tree, and 



83 (original) The receiver of Claim 79, wherein one 
subtrees having roots attached to nodes of the spanning tree define the subsets. 

84 (original) ^ receiver of Claim 79. wherein the tree includes a root and plural nodes, each 
having at least one associated label, .d wherein each subset includes all leaves in a subtree rooted at 



85. 



(original) The receiver of Claim 84. wheiein the receiver 



receives content in a message having 



header including at most 2r-l subset keys and 



encryptions, wherein r is the nun.ber of receiver in the 



revoked set R. 
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86. (original) The receiver of Claim 84. wherein the receiver must store .51og^ N + .Slog N + 1 
keys, wherein N is the total number of receivers. 



87. (original) The receiver 
one message, and wherein the receiver processes 
decryption operation, wherein N is the total number of receivers 



of Claim 84. wherein content is provided to the receiver in at least 
die message using at most log N operations plus a single 



88. (original) The receiver of Claim 84, 
evahiating a pseudorandom sequence generator. 



wherein the receiver decrypts the subset key by 



89 



(original) A medium holding a message of content of the general form 

< [i., B^.(K), E,,(K) E^CK)], F,(M)> , wherein K is a session key. F. is an 

encryption primitive, E. is an encryption primitive, L, are subset Iceys associated with subsets 

of receivers in an encryption broadcast system. M is a message body, and i.. i. i... -e tree 

node subsets defining a cover. 

90. (original) The medium of Claim 89. wherein the encryption primitive is implemented by 
XORing the message body M wi* a stream cipher generated by the session key K. 
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,1. (oHjtaid) Then«Uum of CI.™ 89. wh«* E, H a Prem-Tmncado. ^ficafa. of a block 
cip«r. ® repr«,=oB . n™iom sTing whose le„s«, e<,ua., bloct lengU, of »d K is a sh.n ke, for 

Fk, and the message is of the form 

<li., i, L. U, IPretlx,„E,.(U))®K,....[Pref«,.,S^,.(U))eK). F.(M)> . 



92. 



(origmal) The medium of Claim 91. therein ® e encrypted and the message is of th. 



form 



<n..i.,.. -i-. [Pr.Bx,ME.u,(U»iJ)®K,-.[^IMEu.(UeUieKl, F.(M». 

93. (o.lgin.1) Tte modium of mm 89. whetei. .he subs« toys .re clerived ftom . u« ineludine 
, Plural nodes, e»h .c^ l^m «■ -east one associa,ed label, and wherein each s«bs.r i»=,udea aU 
^ in a subtree roored a. soch, node v, ito are no. in 0,e a»b«.e roored a. son» oUrcr node «u. 

descends from v^. 

94. („riginal)The,nedi»mofClaim89,wben,in0.esnbse.keys.r.derivedfromatte.lnel,ulin. 
a root a«i pl.,al nodes, eaeh node havin, a. ..as, one ««oei.ted label, and wherein each subset ir^luda. all 
leaves in a sob.n» rooted a. »«e .KKle v„ at least each mxl. in d.. ™btr«= bein, .ssocUted with a respective 

subset key. 

95. (origmal) The computer of Claim 42. wherein the act of partitioning is iindertaken by a 
system computer in a system of receivers separate from the system computer . 
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96. (original) The computer 
receiver computer. 



of Claim 42. wherein the act of partitioning is undertaken by a 



(original) The receiver of Claim 67. wherein the receiver derives the subsets in the cover. 



98. (new) The computer of Claim 41 . wherein 
to (Jecrypt the session iccy. 



the method acts include using private information 
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